From 08de9bd57e4a52059215ae6bd04048fcc4c9530d Mon Sep 17 00:00:00 2001 From: Roberto Tyley <52038+rtyley@users.noreply.github.com> Date: Thu, 8 Aug 2024 13:23:11 +0100 Subject: [PATCH 1/4] Try out updated Panda settings code --- project/Dependencies.scala | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/project/Dependencies.scala b/project/Dependencies.scala index 602be0b0..4015562c 100644 --- a/project/Dependencies.scala +++ b/project/Dependencies.scala @@ -33,7 +33,7 @@ object Dependencies { "com.gu" %% "editorial-permissions-client" % "2.15", "com.gu" %% "simple-configuration-ssm" % "1.5.6", "com.gu" %% "fezziwig" % "1.6", - "com.gu" %% "pan-domain-auth-play_3-0" % "5.0.0", + "com.gu" %% "pan-domain-auth-play_3-0" % "6.0.0-PREVIEW.support-accepting-multiple-public-keys.2024-09-12T0925.97cd6456", "io.circe" %% "circe-parser" % "0.14.5", "net.logstash.logback" % "logstash-logback-encoder" % "6.6", "com.gu" %% "content-api-client-aws" % "0.7", From 0c0974a2d2fe30fe8e2054eab495965908f83bb3 Mon Sep 17 00:00:00 2001 From: Pete F <37048459+bryophyta@users.noreply.github.com> Date: Thu, 12 Sep 2024 12:52:53 +0100 Subject: [PATCH 2/4] New preview release --- project/Dependencies.scala | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/project/Dependencies.scala b/project/Dependencies.scala index 4015562c..0c7137e1 100644 --- a/project/Dependencies.scala +++ b/project/Dependencies.scala @@ -33,10 +33,10 @@ object Dependencies { "com.gu" %% "editorial-permissions-client" % "2.15", "com.gu" %% "simple-configuration-ssm" % "1.5.6", "com.gu" %% "fezziwig" % "1.6", - "com.gu" %% "pan-domain-auth-play_3-0" % "6.0.0-PREVIEW.support-accepting-multiple-public-keys.2024-09-12T0925.97cd6456", + "com.gu" %% "pan-domain-auth-play_3-0" % "6.0.0-PREVIEW.support-accepting-multiple-public-keys.2024-09-12T1117.a6ae5e80", "io.circe" %% "circe-parser" % "0.14.5", "net.logstash.logback" % "logstash-logback-encoder" % "6.6", "com.gu" %% "content-api-client-aws" % "0.7", "com.gu" %% "content-api-client" % "20.0.0" ) -} \ No newline at end of file +} From bef81f05b2ad73660f26698596fb801077bc9013 Mon Sep 17 00:00:00 2001 From: Roberto Tyley <52038+rtyley@users.noreply.github.com> Date: Thu, 12 Sep 2024 16:13:45 +0100 Subject: [PATCH 3/4] Try out fix in https://github.com/guardian/pan-domain-authentication/commit/6e11a68df89c24c3cc3df4d3b5135c57d067ea45 --- app/AppComponents.scala | 2 +- build.sbt | 2 ++ project/Dependencies.scala | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/AppComponents.scala b/app/AppComponents.scala index f225afa6..71371b99 100644 --- a/app/AppComponents.scala +++ b/app/AppComponents.scala @@ -30,7 +30,7 @@ class AppComponents(context: Context, identity: AppIdentity) override def controllerComponents: ControllerComponents = AppComponents.this.controllerComponents - override def panDomainSettings: PanDomainAuthSettingsRefresher = new PanDomainAuthSettingsRefresher( + override val panDomainSettings: PanDomainAuthSettingsRefresher = new PanDomainAuthSettingsRefresher( domain = config.pandaDomain, system = config.pandaSystem, bucketName = "pan-domain-auth-settings", diff --git a/build.sbt b/build.sbt index e7e4b471..92cac095 100644 --- a/build.sbt +++ b/build.sbt @@ -9,6 +9,8 @@ libraryDependencies ++= dependencies routesGenerator := InjectedRoutesGenerator +resolvers ++= Resolver.sonatypeOssRepos("releases") + lazy val root = (project in file(".")).enablePlugins(PlayScala, JDebPackaging, SystemdPlugin) .settings(Defaults.coreDefaultSettings: _*) .settings( diff --git a/project/Dependencies.scala b/project/Dependencies.scala index 0c7137e1..2ca96411 100644 --- a/project/Dependencies.scala +++ b/project/Dependencies.scala @@ -33,7 +33,7 @@ object Dependencies { "com.gu" %% "editorial-permissions-client" % "2.15", "com.gu" %% "simple-configuration-ssm" % "1.5.6", "com.gu" %% "fezziwig" % "1.6", - "com.gu" %% "pan-domain-auth-play_3-0" % "6.0.0-PREVIEW.support-accepting-multiple-public-keys.2024-09-12T1117.a6ae5e80", + "com.gu" %% "pan-domain-auth-play_3-0" % "6.0.0-PREVIEW.support-accepting-multiple-public-keys.2024-09-12T1504.6e11a68d", "io.circe" %% "circe-parser" % "0.14.5", "net.logstash.logback" % "logstash-logback-encoder" % "6.6", "com.gu" %% "content-api-client-aws" % "0.7", From a7e95f1cb46a0a0e42a145fe9e5565b930eeefe6 Mon Sep 17 00:00:00 2001 From: Roberto Tyley <52038+rtyley@users.noreply.github.com> Date: Thu, 12 Sep 2024 18:12:48 +0100 Subject: [PATCH 4/4] Upgrade to Panda v7 - support key rotation This upgrades Panda from v5 to v7, allowing us to use key rotation as introduced with https://github.com/guardian/pan-domain-authentication/pull/150. As Atom Workshop is pretty standard user of Panda, the upgrade is pretty simple: * Panda v6: * https://github.com/guardian/pan-domain-authentication/pull/155 requires `panDomainSettings` is a `val`, not a `def` --- app/AppComponents.scala | 8 +++----- project/Dependencies.scala | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/app/AppComponents.scala b/app/AppComponents.scala index 71371b99..ee9b11f8 100644 --- a/app/AppComponents.scala +++ b/app/AppComponents.scala @@ -1,6 +1,6 @@ import com.gu.AppIdentity import com.gu.atom.play.ReindexController -import com.gu.pandomainauth.PanDomainAuthSettingsRefresher +import com.gu.pandomainauth.{PanDomainAuthSettingsRefresher, S3BucketLoader} import config.{AWS, Config} import controllers.{AssetsComponents, ExplainerReindexController, PanDomainAuthActions} import db.{AtomDataStores, AtomWorkshopDB, ExplainerDB} @@ -30,12 +30,10 @@ class AppComponents(context: Context, identity: AppIdentity) override def controllerComponents: ControllerComponents = AppComponents.this.controllerComponents - override val panDomainSettings: PanDomainAuthSettingsRefresher = new PanDomainAuthSettingsRefresher( + override val panDomainSettings: PanDomainAuthSettingsRefresher = PanDomainAuthSettingsRefresher( domain = config.pandaDomain, system = config.pandaSystem, - bucketName = "pan-domain-auth-settings", - settingsFileKey = s"${config.pandaDomain}.settings", - s3Client = AWS.S3Client, + S3BucketLoader.forAwsSdkV1(AWS.S3Client, "pan-domain-auth-settings") ) override def permissions: Permissions = appPermissions diff --git a/project/Dependencies.scala b/project/Dependencies.scala index 2ca96411..9df1a545 100644 --- a/project/Dependencies.scala +++ b/project/Dependencies.scala @@ -33,7 +33,7 @@ object Dependencies { "com.gu" %% "editorial-permissions-client" % "2.15", "com.gu" %% "simple-configuration-ssm" % "1.5.6", "com.gu" %% "fezziwig" % "1.6", - "com.gu" %% "pan-domain-auth-play_3-0" % "6.0.0-PREVIEW.support-accepting-multiple-public-keys.2024-09-12T1504.6e11a68d", + "com.gu" %% "pan-domain-auth-play_3-0" % "7.0.0", "io.circe" %% "circe-parser" % "0.14.5", "net.logstash.logback" % "logstash-logback-encoder" % "6.6", "com.gu" %% "content-api-client-aws" % "0.7",